@mattodell so, were do I see who is running this server?
@Sjmaliz @mattodell ok. Thanks. So, his like our new jack.
@Polacci @mattodell lol I'm sure he would laugh at that, sure he's jack now
@mattodell @nvk would mastodon be interested in serving the community to fix this? We are homeless
Sorry I don't entirely get it. If I log in to Mastodon through Tor, the server I'm logging into is still able to see my IP?
@Raindogdance no, but since it isn't a native hidden service you are vulnerable to man in the middle attacks by the exit node you use
@mattodell
Gotcha, thx!
@mattodell @nvk
it's definitely possible to allow users to connect to the mastodon site through an onion service, for example i have x0f.org available at https://bvrgrzu5awjacohape5s6s3j2locltcu5c7azzzuufqznknus5ll5fid.onion
@orionwl @mattodell @nvk also, that the server holds DMs is presumably orthogonal to this. E2E encryption would be nice, requiring key infrastructure though. I treat DMs here as quasi-public, but I also do that for other platforms.
@waxwing @mattodell @nvk
right i wouldn't hold my breath for mastodon supporting E2E encryption; i'm not sure it's even good if every software develops its own E2E encrypted private communication because spreads out cryptography review so much
it's a publication protocol mainly
FWIW x0f also runs a matrix server, a chat protocol that supports E2E (even for group chats), if you're on this server and interested in an account let me know
@orionwl @waxwing @mattodell @nvk I wouldn't be surprised if the Mastodon devs actually think E2E encryption on chats would be a negative. Mastodon is designed around a community model, with moderation, in a context of being worried about abuse and toxic behavior. If that's your design goal, is E2E encryption on DM's actually a feature you want? _I_ would say yes. But I can imagine those devs saying no.
@pete @orionwl @waxwing @mattodell @nvk this is an interesting panel where they briefly address the topic
~
@lain @mattodell @nvk @orionwl @waxwing Thanks! Good to see.
@mattodell @nvk
So is Twitter.
@mattodell
If you think your *instance* (not Mastodon) admin's goal is to rob you, maybe you're on the wrong instance?
If your thread model is as 'paranoid' as you seem to indicate, Mastodon has a solution for that (too): run your own instance.
I assume that you've also informed all your followers on birdsite that the minimum wage earning employees of Twitter have access to a wealth of personal info. But in this case, there is no remedy.
Be aware!
(also, don't trust VPN providers)
@FreePietje @mattodell VPN are honeypots, but at least it decouples metadata from your account (assuming no mitm). And better for people to be aware of the risks and make the tradeoff for themselves, explicitly and informed, than implicitly and uninformed.
@kekcoin @mattodell
I fully agree.
But I found that the tradeoffs weren't made clear, that's why I felt the need/urge to 'rile' against it a bit.
VPN are often presented as some magical privacy and security solution, which they are not. If you're aware of the risks and tradeoffs, you surely can use them.
When all (your) Tor exit nodes are compromised, then the most likely scenario is that the NSA is after you. If you're not Elliot Alderson, that *very* likely means game over.
@kekcoin @FreePietje @mattodell do you use one?
@mattodell @nvk Pretty sure Mastodon can be run behind a Tor onion. It even has a setting for whether or not it a clearnet Mastodon should federate over Tor.
@nvk - It would be great if we could access bitcoinhackers.org through an onion address. Late christmas gift!
@mattodell @nvk
So should go thru a vpn when going on Mastadon?
@mattodell @nvk lucky no one has dm’d me in the 3 years I’ve been using this platform lol 😭
@Brittkelly @mattodell @nvk Is that an invitation? 😂
@Brittkelly @mattodell @nvk just logged in after 2 years. I feel less alone now 🤣
@mattodell @nvk nvk? More like cia
@evankaloudis @mattodell @nvk 🎵 Everyone's a spook🎵
@mattodell @nvk great call. And well explained.
isnt twitter a much bigger honey pot of personal info on bitcoiners rn?
@mattodell @nvk Agreet, was hoping to use bitcoinhackers as my main mastodon instance, now using podcastindex.social (great service), which allows for Tor access.
Saying MASTODON cannot be accessed through Tor is a bit unfair.
@mattodell @nvk is it safe to use with a standard vpn?
@mattodell @nvk in which way are native Tor hidden service more secure for the user vs a standard website? The exit node in both cases knows a long-lived web address (either .onion or .org). Doesn't just prevent the leaking the IP of the server?
@mattodell @nvk thanks